Re: VPN Connection from 4.1 to WatchGuard

Sat, 11 Aug 2007 07:30:44 -0700 

Hi,

Am 11.08.2007 um 14:19 schrieb [EMAIL PROTECTED]:


Aug  9 01:52:40 voldemort isakmpd[20491]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
It seems your watchguard is sending 3DES, but your OBSD box is set to accept AES. The both have to be set to use the same encryption algorithm.
well, but as you can see further down is my ipsec.conf where I clearly put in 3des as encryption and the WG has also 3des enabled. Any further help? 

Cheers
James



mailinglists-9 wrote:


Hi,

I have set  up a vpn from my OpenBSD Box (4.1-current) to our company
WatchGuard X700. My problem is that the re-keying
isn't always working and my tunnel does not come up if I send traffic
to the destination network. I must manually
restart the isakmpd and then start the tunnel by using ipsecctl -f /
etc/ipsec.conf. I see some strange errors in my /var/log/messages
even when the tunnel is up. What do these errors mean?:

Aug  9 01:52:40 voldemort isakmpd[20491]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC

Aug  9 02:02:07 voldemort isakmpd[20491]: sendmsg (20,
0x7f7ffffe3ba0, 0): No buffer space available
Aug  9 02:02:07 voldemort isakmpd[20491]: transport_send_messages:
giving up on exchange IPsec-MY_EXTERNAL_IP-PEER_EXTERNAL_IP, no
response from peer PEER_EXTERNAL_IP:500
Aug  9 02:02:07 voldemort isakmpd[20491]: sendmsg (20,
0x7f7ffffe3ba0, 0): No buffer space available
Aug  9 02:02:07 voldemort isakmpd[20491]: transport_send_messages:
giving up on exchange IPsec-MY_EXTERNAL_IP-194.25.138.0/24, no
response from peer PEER_EXTERNAL_IP:500
Aug  9 02:04:07 voldemort isakmpd[20491]: transport_send_messages:
giving up on exchange IPsec-MY_EXTERNAL_IP-PEER_EXTERNAL_IP, no
response from peer PEER_EXTERNAL_IP:500
Aug  9 02:04:07 voldemort isakmpd[20491]: transport_send_messages:
giving up on exchange IPsec-MY_EXTERNAL_IP-194.25.138.0/24, no
response from peer PEER_EXTERNAL_IP:500
Aug  9 02:06:07 voldemort isakmpd[20491]: transport_send_messages:
giving up on exchange IPsec-MY_EXTERNAL_IP-PEER_EXTERNAL_IP, no
response from peer PEER_EXTERNAL_IP:500
Aug  9 02:06:07 voldemort isakmpd[20491]: transport_send_messages:
giving up on exchange IPsec-MY_EXTERNAL_IP-194.25.138.0/24, no
response from peer PEER_EXTERNAL_IP:500
Aug  9 02:07:56 voldemort isakmpd[20491]: sendmsg (20,
0x7f7ffffe3ba0, 0): No buffer space available
Aug  9 02:07:56 voldemort isakmpd[20491]: sendmsg (20,
0x7f7ffffe3ba0, 0): No buffer space available
MY_EXTERNAL_IP

My ipsec.conf looks like this:

ike esp from $ext_IP to $peer_GW
ike esp from $ext_IP to $peer_LAN peer $peer_GW
ike esp from $int_LAN to $peer_LAN \
   peer $peer_GW \
   main auth hmac-sha1 enc 3des group modp1024 \
   quick auth hmac-sha1 enc 3des group none \
   psk "XXXX"

Any help is highly appreciated.

Cheers,
James

Reply via email to